MAGETWO-95621: Path Validation in Templates

StasKozar · StasKozar · commit 56a7e9fab4b5 · 2018-10-23T10:45:42.000+03:00
diff --git a/lib/internal/Magento/Framework/View/Element/Template/File/Validator.php b/lib/internal/Magento/Framework/View/Element/Template/File/Validator.php
@@ -7,10 +7,10 @@
 
 use \Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Component\ComponentRegistrar;
+use \Magento\Framework\Filesystem\Driver\File as FileDriver;
 
 /**
- * Class Validator
- * @package Magento\Framework\View\Element\Template\File
+ * Class Validator.
  */
 class Validator
 {
@@ -68,26 +68,34 @@ class Validator
      */
     protected $_compiledDir;
 
+    /**
+     * @var FileDriver
+     */
+    private $fileDriver;
+
     /**
      * Class constructor
      *
      * @param \Magento\Framework\Filesystem $filesystem
      * @param \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfigInterface
      * @param ComponentRegistrar $componentRegistrar
      * @param string|null $scope
+     * @param FileDriver|null $fileDriver
      */
     public function __construct(
         \Magento\Framework\Filesystem $filesystem,
         \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfigInterface,
         ComponentRegistrar $componentRegistrar,
-        $scope = null
+        $scope = null,
+        FileDriver $fileDriver = null
     ) {
         $this->_filesystem = $filesystem;
         $this->_isAllowSymlinks = $scopeConfigInterface->getValue(self::XML_PATH_TEMPLATE_ALLOW_SYMLINK, $scope);
         $this->_themesDir = $componentRegistrar->getPaths(ComponentRegistrar::THEME);
         $this->moduleDirs = $componentRegistrar->getPaths(ComponentRegistrar::MODULE);
         $this->_compiledDir = $this->_filesystem->getDirectoryRead(DirectoryList::TEMPLATE_MINIFICATION_DIR)
             ->getAbsolutePath();
+        $this->fileDriver = $fileDriver ?: \Magento\Framework\App\ObjectManager::getInstance()->get(FileDriver::class);
     }
 
     /**
@@ -128,7 +136,7 @@ protected function isPathInDirectories($path, $directories)
             $directories = (array)$directories;
         }
         foreach ($directories as $directory) {
-            if (0 === strpos($path, $directory)) {
+            if (0 === strpos($this->fileDriver->getRealPath($path), $directory)) {
                 return true;
             }
         }
diff --git a/lib/internal/Magento/Framework/View/Test/Unit/Element/Template/File/ValidatorTest.php b/lib/internal/Magento/Framework/View/Test/Unit/Element/Template/File/ValidatorTest.php
@@ -20,21 +20,21 @@ class ValidatorTest extends \PHPUnit_Framework_TestCase
      *
      * @var \Magento\Framework\View\Element\Template\File\Validator
      */
-    private $_validator;
+    private $validator;
 
     /**
      * Mock for view file system
      *
      * @var \Magento\Framework\FileSystem|\PHPUnit_Framework_MockObject_MockObject
      */
-    private $_fileSystemMock;
+    private $fileSystemMock;
 
     /**
      * Mock for scope config
      *
      * @var \Magento\Framework\App\Config\ScopeConfigInterface|\PHPUnit_Framework_MockObject_MockObject
      */
-    private $_scopeConfigMock;
+    private $scopeConfigMock;
 
     /**
      * Mock for root directory reader
@@ -62,12 +62,35 @@ class ValidatorTest extends \PHPUnit_Framework_TestCase
      */
     protected function setUp()
     {
-        $this->_fileSystemMock = $this->getMock('\Magento\Framework\Filesystem', [], [], '', false);
-        $this->_scopeConfigMock = $this->getMock('\Magento\Framework\App\Config\ScopeConfigInterface');
-        $this->rootDirectoryMock = $this->getMock('\Magento\Framework\Filesystem\Directory\ReadInterface');
-        $this->compiledDirectoryMock = $this->getMock('\Magento\Framework\Filesystem\Directory\ReadInterface');
+        $this->fileSystemMock = $this->getMock(
+            \Magento\Framework\Filesystem::class,
+            [],
+            [],
+            '',
+            false
+        );
+        $this->scopeConfigMock = $this->getMock(
+            \Magento\Framework\App\Config\ScopeConfigInterface::class,
+            [],
+            [],
+            '',
+            false
+        );
+        $this->rootDirectoryMock = $this->getMock(
+            \Magento\Framework\Filesystem\Directory\ReadInterface::class,
+            [],
+            [],
+            '',
+            false);
+        $this->compiledDirectoryMock = $this->getMock(
+            \Magento\Framework\Filesystem\Directory\ReadInterface::class,
+            [],
+            [],
+            '',
+            false
+        );
 
-        $this->_fileSystemMock->expects($this->any())
+        $this->fileSystemMock->expects($this->any())
             ->method('getDirectoryRead')
             ->will($this->returnValueMap(
                 [
@@ -80,7 +103,13 @@ protected function setUp()
             ->method('getAbsolutePath')
             ->will($this->returnValue('/magento/var/compiled'));
 
-        $this->componentRegistrar = $this->getMock('Magento\Framework\Component\ComponentRegistrar', [], [], '', false);
+        $this->componentRegistrar = $this->getMock(
+            \Magento\Framework\Component\ComponentRegistrar::class,
+            [],
+            [],
+            '',
+            false
+        );
         $this->componentRegistrar->expects($this->any())
             ->method('getPaths')
             ->will(
@@ -91,10 +120,18 @@ protected function setUp()
                     ]
                 )
             );
-        $this->_validator = new \Magento\Framework\View\Element\Template\File\Validator(
-            $this->_fileSystemMock,
-            $this->_scopeConfigMock,
-            $this->componentRegistrar
+
+        $fileDriverMock = $this->getMock(\Magento\Framework\Filesystem\Driver\File::class);
+        $fileDriverMock->expects($this->any())
+            ->method('getRealPath')
+            ->willReturnArgument(0);
+
+        $this->validator = new \Magento\Framework\View\Element\Template\File\Validator(
+            $this->fileSystemMock,
+            $this->scopeConfigMock,
+            $this->componentRegistrar,
+            null,
+            $fileDriverMock
         );
     }
 
@@ -103,23 +140,22 @@ protected function setUp()
      *
      * @param string $file
      * @param bool $expectedResult
-     *
-     * @dataProvider testIsValidDataProvider
-     *
      * @return void
+     *
+     * @dataProvider isValidDataProvider
      */
     public function testIsValid($file, $expectedResult)
     {
         $this->rootDirectoryMock->expects($this->any())->method('isFile')->will($this->returnValue(true));
-        $this->assertEquals($expectedResult, $this->_validator->isValid($file));
+        $this->assertEquals($expectedResult, $this->validator->isValid($file));
     }
 
     /**
      * Data provider for testIsValid
      *
-     * @return []
+     * @return array
      */
-    public function testIsValidDataProvider()
+    public function isValidDataProvider()
     {
         return [
             'empty' => ['', false],
